Enterprises create and/or manage soft digital assets such as digital text documents, computer executable files, digital audio files, digital imagery files, digital video files, database files, email files, text files, and data files, for example. Such soft assets often include confidential and/or mission critical information. Examples of confidential and mission critical information include customer data such as bank statements, employee records, business projections, legal documents and company trade secrets. Such soft assets are also herein referred to as electronic files.
Frequently, soft assets need to be accessed by several employees in a company. The soft assets are usually deposited in some centrally shared repository or portal so that copies can be downloaded or uploaded. Such shared repositories and portals may implement simple access control procedures to control access to the soft assets. The simple access control rules are based on which employee is to be granted read/write privileges with respect to each electronic file. If authentication of the employees is required, simple authentication procedures based on simple IDs and passwords are implemented.
One problem is that, once a copy of an electronic file is downloaded from the shared repository, the company and the creator of the electronic file cease to have control of any of the copies. The downloaded electronic document can be copied, edited and emailed to unknown destinations and cannot be tracked.
Examples of shortcomings of access control include the inability to specify complex access control rules such as 1) only persons P1 and P2 can view (read) the electronic file, 2) persons P3 and P5 must both be present in order to view and/or update the electronic file, 3) person P1 can only view the electronic file but persons P2 and P3 can view and write to the electronic file, and 4) at least M number of users out of a group of N number of users must be present in order to update an electronic file.
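The four rule types listed above can be written as a small default-deny policy evaluator. This is an added illustration, not the method described in this document. The names `Rule`, `authorize` and `fs`, the users U1 to U3 with M=2 and N=3, and the modelling of "present" as the set of users authenticated in one session are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One way to be granted `action` on a file (hypothetical structure)."""
    action: str                       # "read" or "write"
    any_of: frozenset = frozenset()   # at least one of these persons is present
    all_of: frozenset = frozenset()   # every one of these persons is present
    quorum: int = 0                   # at least M members of `group` are present
    group: frozenset = frozenset()    # the N users the quorum is drawn from

    def satisfied(self, present: frozenset) -> bool:
        if not (self.any_of or self.all_of or self.quorum):
            return False              # a rule with no condition grants nothing
        if self.any_of and not (self.any_of & present):
            return False
        if self.all_of and not (self.all_of <= present):
            return False
        if self.quorum and len(self.group & present) < self.quorum:
            return False
        return True

def authorize(policy, present, action):
    """Default deny: allow only if some rule for `action` is met by `present`."""
    present = frozenset(present)
    return any(r.action == action and r.satisfied(present) for r in policy)

def fs(*names):
    return frozenset(names)

# Constructed policies, one per rule type in the text.
RULE1 = [Rule("read", any_of=fs("P1", "P2"))]                 # only P1, P2 may view
RULE2 = [Rule("read", all_of=fs("P3", "P5")),                 # P3 and P5 together
         Rule("write", all_of=fs("P3", "P5"))]
RULE3 = [Rule("read", any_of=fs("P1", "P2", "P3")),           # P1 view only,
         Rule("write", any_of=fs("P2", "P3"))]                # P2, P3 view and write
RULE4 = [Rule("write", quorum=2, group=fs("U1", "U2", "U3"))] # M=2 of N=3 to update

if __name__ == "__main__":
    print(authorize(RULE2, {"P3"}, "read"))         # one of the pair alone
    print(authorize(RULE2, {"P3", "P5"}, "read"))   # both present
    print(authorize(RULE4, {"U1", "P1"}, "write"))  # only one group member
```

A plain per-user read/write list can express only the `any_of` case; the `all_of` and `quorum` checks need the decision to depend on who else is authenticated at the same time.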
In view of the foregoing, there is a need for a method and system for implementing complex access control rules as well as auditing sensitive electronic files.